Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2011-1929

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-24 May, 2011 | 23:00
Updated At-06 Aug, 2024 | 22:46
Rejected At-
Credits

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:24 May, 2011 | 23:00
Updated At:06 Aug, 2024 | 22:46
Rejected At:
▼CVE Numbering Authority (CNA)


Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink / Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
vendor-advisory
x_refsource_FEDORA
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
x_refsource_CONFIRM
http://secunia.com/advisories/44771
third-party-advisory
x_refsource_SECUNIA
http://dovecot.org/pipermail/dovecot/2011-May/059086.html
mailing-list
x_refsource_MLIST
http://www.debian.org/security/2011/dsa-2252
vendor-advisory
x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
vendor-advisory
x_refsource_MANDRIVA
http://www.dovecot.org/doc/NEWS-2.0
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=706286
x_refsource_CONFIRM
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-1187.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
vendor-advisory
x_refsource_FEDORA
http://osvdb.org/72495
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
vdb-entry
x_refsource_XF
https://hermes.opensuse.org/messages/8581790
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/47930
vdb-entry
x_refsource_BID
http://openwall.com/lists/oss-security/2011/05/19/6
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/44756
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/44827
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/44683
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/44712
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1143-1
vendor-advisory
x_refsource_UBUNTU
http://openwall.com/lists/oss-security/2011/05/19/3
mailing-list
x_refsource_MLIST
http://www.dovecot.org/doc/NEWS-1.2
x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2011/05/18/4
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink / Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/44771
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://dovecot.org/pipermail/dovecot/2011-May/059086.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.debian.org/security/2011/dsa-2252
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.dovecot.org/doc/NEWS-2.0
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=706286
x_refsource_CONFIRM
x_transferred
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1187.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://osvdb.org/72495
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
vdb-entry
x_refsource_XF
x_transferred
https://hermes.opensuse.org/messages/8581790
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/47930
vdb-entry
x_refsource_BID
x_transferred
http://openwall.com/lists/oss-security/2011/05/19/6
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/44756
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/44827
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/44683
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/44712
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1143-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://openwall.com/lists/oss-security/2011/05/19/3
mailing-list
x_refsource_MLIST
x_transferred
http://www.dovecot.org/doc/NEWS-1.2
x_refsource_CONFIRM
x_transferred
http://openwall.com/lists/oss-security/2011/05/18/4
mailing-list
x_refsource_MLIST
x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:24 May, 2011 | 23:55
Updated At:29 Apr, 2026 | 01:13


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://dovecot.org/pipermail/dovecot/2011-May/059085.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://dovecot.org/pipermail/dovecot/2011-May/059086.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/05/18/4
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/05/19/3
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/05/19/6
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://osvdb.org/72495
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44683
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44712
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44756
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44771
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44827
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2252
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.dovecot.org/doc/NEWS-1.2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.dovecot.org/doc/NEWS-2.0
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1187.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47930
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1143-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=706286
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8581790
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://dovecot.org/pipermail/dovecot/2011-May/059085.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://dovecot.org/pipermail/dovecot/2011-May/059086.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/05/18/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/05/19/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://openwall.com/lists/oss-security/2011/05/19/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://osvdb.org/72495
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44683
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44712
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44756
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44771
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44827
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2252
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.dovecot.org/doc/NEWS-1.2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.dovecot.org/doc/NEWS-2.0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:101
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1187.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47930
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1143-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=706286
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/67589
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8581790
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

1110 Records found

CVE-2020-10967
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-8.15% / 94.16%
7 Day CHG~0.00%
Published-18 May, 2020 | 14:02
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

Action-Not Available
Vendor-n/a, Dovecot
Product-dovecot, n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2669
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-4.64% / 90.60%
7 Day CHG~0.00%
Published-21 Jun, 2018 | 13:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

Action-Not Available
Vendor-[UNKNOWN], Debian GNU/Linux, Dovecot
Product-debian_linux, dovecot, dovecot
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7957
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.1||LOW
EPSS-1.88% / 76.87%
7 Day CHG+0.05%
Published-12 Feb, 2020 | 16:50
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.

Action-Not Available
Vendor-n/a, Fedora Project, Dovecot
Product-fedora, dovecot, n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2111
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
7 Day CHG~0.00%
Published-27 May, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.

Action-Not Available
Vendor-n/a, Dovecot
Product-dovecot, n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25275
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.66% / 90.63%
7 Day CHG~0.00%
Published-04 Jan, 2021 | 16:19
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Action-Not Available
Vendor-n/a, Fedora Project, Debian GNU/Linux, Dovecot
Product-debian_linux, fedora, dovecot, n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0745
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.08% / 86.07%
7 Day CHG~0.00%
Published-20 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

Action-Not Available
Vendor-n/a, Dovecot
Product-dovecot, n/a
CVE-2019-11499
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.53% / 82.94%
7 Day CHG~0.00%
Published-08 May, 2019 | 17:00
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

Action-Not Available
Vendor-n/a, Fedora Project, openSUSE, Dovecot
Product-fedora, dovecot, leap, n/a
CVE-2019-11494
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.43% / 82.26%
7 Day CHG~0.00%
Published-08 May, 2019 | 17:04
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

Action-Not Available
Vendor-n/a, Fedora Project, openSUSE, Dovecot
Product-fedora, dovecot, leap, n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-10691
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.73%
7 Day CHG~0.00%
Published-24 Apr, 2019 | 16:49
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.

Action-Not Available
Vendor-n/a, openSUSE, Dovecot
Product-dovecot, leap, n/a
CVE-2017-15132
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.18% / 86.50%
7 Day CHG~0.00%
Published-25 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxdovecotdovecot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2014-3430
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.33% / 87.14%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-12673
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:18
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12674
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:20
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12100
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.21% / 91.49%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 15:07
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

Action-Not Available
Vendor-n/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxDovecot
Product-ubuntu_linuxdebian_linuxfedoradovecotn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-10957
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.17% / 93.52%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 13:56
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-10958
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-6.12% / 92.57%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 14:00
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-416
Use After Free
CVE-2019-19722
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.48% / 82.60%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 16:34
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.

Action-Not Available
Vendor-n/aFedora ProjectDovecot
Product-fedoradovecotn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-4318
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.32% / 67.40%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8652
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-48.20% / 98.72%
||
7 Day CHG~0.00%
Published-16 Feb, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59028
Matching Score-6
Assigner-Open-Xchange
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 35.81%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 08:10
Updated-30 Apr, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known.

Action-Not Available
Vendor-Open-Xchange AGDovecot
Product-dovecotOX Dovecot Pro
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59032
Matching Score-6
Assigner-Open-Xchange
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.75%
||
7 Day CHG+0.30%
Published-27 Mar, 2026 | 08:10
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.

Action-Not Available
Vendor-Open-Xchange AGDovecotRed Hat, Inc.
Product-dovecot; OX Dovecot Pro; Red Hat Enterprise Linux CRB (v. 8); Red Hat Enterprise Linux AppStream EUS (v. 10.0); Red Hat Enterprise Linux CodeReady Linux Builder (v. 9); Red Hat Enterprise Linux AppStream EUS (v.9.6); Red Hat Enterprise Linux AppStream AUS (v.8.6); Red Hat Enterprise Linux AppStream E4S (v.8.6); Red Hat Enterprise Linux CodeReady Linux Builder (v. 10); Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4); Red Hat Enterprise Linux AppStream TUS (v.8.8); Red Hat Enterprise Linux AppStream (v. 9); Red Hat Enterprise Linux AppStream (v. 8); Red Hat Enterprise Linux Server (v. 7 ELS); Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0); Red Hat Enterprise Linux 6; Red Hat CodeReady Linux Builder EUS (v.9.4); Red Hat Enterprise Linux AppStream (v. 10); Red Hat Enterprise Linux Server Optional (v. 7 ELS); Red Hat Enterprise Linux AppStream E4S (v.9.2); Red Hat Enterprise Linux AppStream TUS (v.8.6); Red Hat Enterprise Linux AppStream E4S (v.8.8); Red Hat CodeReady Linux Builder EUS (v.9.6); Red Hat Enterprise Linux AppStream EUS (v.9.4); Red Hat Enterprise Linux AppStream AUS (v.8.4); Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-229
Improper Handling of Values
CVE-2008-4907
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.20% / 92.65%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."

Action-Not Available
Vendor-n/aDovecot
Product-dovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2284
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.43% / 90.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2037
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1316
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.15% / 62.90%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1725
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2342
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 75.69%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Triangle MicroWorks SCADA Data Gateway Resource Exhaustion

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

Action-Not Available
Vendor-trianglemicroworksTriangle MicroWorks
Product-scada_data_gatewaySCADA Data Gateway
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-2310
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3164
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.51%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 18:40
Updated-15 Nov, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancecloud_email_securityCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2121
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.55%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2155
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cns_network_registrarn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10077
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 16:00
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Action-Not Available
Vendor-i18n_projectn/aDebian GNU/Linux
Product-i18ndebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1711
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.30% / 81.19%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:55
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0255
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0995
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.67% / 94.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1349
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0628
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-1.07% / 60.90%
||
7 Day CHG+0.01%
Published-25 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16141
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:55
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

Action-Not Available
Vendor-once_cell_projectn/a
Product-once_celln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0239
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-67.57% / 99.22%
||
7 Day CHG~0.00%
Published-28 May, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0677
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.08% / 79.21%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nx-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0486
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 16:00
Updated-06 Aug, 2024 | 09:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.

Action-Not Available
Vendor-nicn/a
Product-knot_cmsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0253
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-38.70% / 98.40%
||
7 Day CHG~0.00%
Published-12 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0256
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6700
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.23% / 65.34%
||
7 Day CHG~0.00%
Published-29 Nov, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xrn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7112
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.31% / 81.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0037
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.40% / 81.97%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0128
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7177
Matching Score-4
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-3.23% / 86.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

Action-Not Available
Vendor-fail2bann/a
Product-fail2bann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0079
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.79% / 75.70%
||
7 Day CHG~0.00%
Published-28 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."

Action-Not Available
Vendor-zarafan/a
Product-zarafan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0082
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

Action-Not Available
Vendor-n/aRuby on Rails
Product-ruby_on_railsrailsn/a
CWE ID-CWE-20
Improper Input Validation